Experts Stole Credentials For 1.3 Million RDP Servers From A Hacker Marketplace

Posted by Megiddo (staff member)
The RDP servers listed in the database are located all over the world, including government agencies in sixty-three countries.



Security researchers have obtained the credentials for 1.3 million RDP servers that were sold on the hacker marketplace Ultimate Anonymity Services (UAS).

Remote Desktop Protocol (RDP) is Microsoft's protocol for remote access to the desktop and applications of Windows devices. Because it is so widely used on corporate networks, cybercriminals have built a thriving economy around selling stolen RDP server credentials.

Once inside a network through RDP, an attacker can move laterally to other hosts, steal data, install malware on point-of-sale (PoS) terminals to harvest payment-card data, or plant backdoors and ransomware.

UAS is the largest marketplace for RDP server credentials, stolen Social Security numbers, and SOCKS proxy access. The operators manually verify the RDP credentials that vendors list, offer customer support, and give buyers advice on how to keep remote access to a compromised computer.

The marketplace does not sell access to RDP servers located in Russia or the CIS countries: a dedicated script automatically removes any listed servers found in those regions.

Since December 2018, a group of security researchers has had covert access to the UAS marketplace database and for roughly three years quietly copied the RDP credentials sold there. They obtained IP addresses, usernames and passwords for 1,379,609 accounts sold on UAS since the end of 2018, and handed the database to Vitaly Kremez of the information security company Advanced Intel.

The RDP servers in the database are located all over the world and include government agencies in sixty-three countries, among them Brazil, India and the United States. The database also contains credentials for RDP servers belonging to well-known companies, including some in the healthcare sector.

As reported by Bleeping Computer, the most common usernames in the RDP credentials were "Administrator", "Admin", "User", "test" and "scanner". The five most common passwords were "123456", "123", "P@ssw0rd", "1234" and "Password1".

Vitaly Kremez launched a service called RDPwned that lets companies and administrators check whether their servers appear in the database. Because the records go back to the end of 2018, RDPwned can also surface older compromises that were never detected.
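A local version of the "are our servers in the dump?" check, as an added example that is not part of the original post and not the code behind RDPwned: given a credential dump in the shape the article describes (one IP address, username and password per record), it deduplicates the records, flags the ones whose IP falls inside the organisation's own address ranges, and tallies the most common usernames and passwords against the weak-password list quoted above. The CSV layout, the address ranges (RFC 5737 documentation networks) and every record in the sample are constructed assumptions for illustration; none of them come from UAS.

```python
"""
Triage a credential dump of the kind described in the article:
one "ip,username,password" record per line (column layout is an assumption).

1. Flag records whose IP lies in our own address ranges (the RDPwned-style
   "are we listed?" check).
2. Tally the most common usernames and passwords and flag records that use
   one of the weak passwords named in the article.
"""
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample dump for illustration only; no real hosts or accounts.
# It contains a duplicate record and a malformed IP on purpose.
SAMPLE_DUMP = """\
ip,username,password
203.0.113.10,Administrator,123456
203.0.113.11,scanner,P@ssw0rd
198.51.100.7,Admin,Winter2021!
198.51.100.8,User,Password1
192.0.2.200,svc_backup,Xk9#q2!mVb7
203.0.113.11,scanner,P@ssw0rd
198.51.100.20,Administrator,123456
198.51.100.21,Administrator,1234
not-an-ip,Admin,123
"""

# Hypothetical address blocks owned by the organisation doing the check.
OUR_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# The five most common passwords reported in the article.
WEAK_PASSWORDS = {"123456", "123", "P@ssw0rd", "1234", "Password1"}


def parse_dump(text):
    """Return a list of unique (ip, username, password) tuples.

    Records with an unparsable IP are skipped; exact duplicates (the same
    account resold more than once) are collapsed to one record.
    """
    seen = set()
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        try:
            ip = ipaddress.ip_address(rec["ip"].strip())
        except ValueError:
            continue  # malformed address; skip the record instead of failing
        key = (str(ip), rec["username"].strip(), rec["password"])
        if key not in seen:
            seen.add(key)
            rows.append(key)
    return rows


def in_our_ranges(ip_str, networks=OUR_NETWORKS):
    """True if the address falls inside any of our networks."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in networks)


def triage(text, networks=OUR_NETWORKS, weak=WEAK_PASSWORDS):
    """Summarise a dump: our exposed hosts, top credentials, weak passwords."""
    rows = parse_dump(text)
    ours = [r for r in rows if in_our_ranges(r[0], networks)]
    usernames = Counter(r[1] for r in rows)
    passwords = Counter(r[2] for r in rows)
    weak_rows = [r for r in rows if r[2] in weak]
    return {
        "total": len(rows),
        "ours": ours,
        "top_usernames": usernames.most_common(3),
        "top_passwords": passwords.most_common(3),
        "weak": weak_rows,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DUMP)
    print(f"{report['total']} unique records in dump")
    for ip, user, _ in report["ours"]:
        print(f"LISTED in our ranges: {ip} (user {user})")
    print("top usernames:", report["top_usernames"])
    print("top passwords:", report["top_passwords"])
    print(f"{len(report['weak'])} records use a known-weak password")
```

Every host that comes back as listed should be treated as compromised, not merely as having a weak password: the credential was sold, so the buyer may already have the foothold described earlier in the article. Resetting the password is the start of the response, not the end of it.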